CVE Vulnerability

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1.4.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://packetstormsecurity.nl/0701-exploits/igshop10-multiple.txt Exploit
http://secunia.com/advisories/23604 Vendor Advisory
http://www.securityfocus.com/bid/21875
http://www.attrition.org/pipermail/vim/2007-June/001664.html
http://osvdb.org/33388
http://osvdb.org/33387
http://www.vupen.com/english/advisories/2007/0056 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/31301
https://www.exploit-db.com/exploits/3083
http://www.securityfocus.com/archive/1/471722/100/0/threaded
http://www.securityfocus.com/archive/1/456043/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:igeneric:ig_shop:1.4:*:*:*:*:*:*:*
cpe:2.3:a:igeneric:ig_shop:1.0:*:*:*:*:*:*:*
Information

Published : 2007-01-09 11:28

Updated : 2018-10-16 04:31

NVD link : CVE-2007-0134

Mitre link : CVE-2007-0134

Products Affected
No products.
CWE
CWE-94